TYPO3 CMS File Abstraction Layer Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the File Abstraction Layer of TYPO3 CMS. Non-privileged backend users with file mount access could perform destructive write operations, such as moving, deleting, or renaming folders that represent the root of an active file mount. This issue arises from inadequate authorization restrictions and affects TYPO3 CMS versions prior to 10.4.57, 11.0.0 through 11.5.50, 12.0.0 through 12.4.45, 13.0.0 through 13.4.30, and 14.0.0 through 14.3.2.

Impact

Exploitation of this vulnerability allows non-privileged users to manipulate folders on active file mounts, potentially leading to data loss or disruption of file management processes.

Remediation

Users are advised to update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LTS, or 14.3.3 LTS, all of which address this vulnerability.
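
The following check is an added example, not part of the advisory or of TYPO3: it reads the installed core version from a Composer lock file and compares it with the affected ranges and fixed releases listed above. It assumes a Composer-based installation whose core package is `typo3/cms-core`; the sample lock content is constructed for illustration.

```python
import json
import re

# First fixed release per major branch, as listed in the advisory.
FIXED = {10: (10, 4, 57), 11: (11, 5, 51), 12: (12, 4, 46),
         13: (13, 4, 31), 14: (14, 3, 3)}

# Constructed sample of composer.lock content (not from a real site).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "typo3/cms-backend", "version": "v12.4.45"},
    {"name": "typo3/cms-core", "version": "v12.4.45"},
]})


def parse_version(text):
    """Turn 'v12.4.45' or '12.4.45' into (12, 4, 45); None for dev/branch refs."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None


def first_fixed(version):
    """Return the fixed release to move to, or None if the version is not affected."""
    major = version[0]
    if major < 10:
        # "prior to 10.4.57" also covers older majors; 10.4.57 is the earliest fix listed
        return FIXED[10]
    fixed = FIXED.get(major)
    if fixed is None:  # major newer than any range named in the advisory
        return None
    return fixed if version < fixed else None


def audit_lock(lock_text, package="typo3/cms-core"):
    """Classify the package found in composer.lock: (status, installed, fixed)."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") != package:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:  # e.g. 'dev-main': cannot be compared, review by hand
            return ("unknown", pkg.get("version"), None)
        fixed = first_fixed(version)
        status = "affected" if fixed else "not affected"
        return (status, pkg["version"], fixed and ".".join(map(str, fixed)))
    return ("not installed", None, None)


if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```

A result of "unknown" means the lock file pins a development or branch reference, which has to be checked by hand against the fixed releases.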

Added: Jun 9, 2026, 11:37 AM
Updated: Jun 9, 2026, 11:37 AM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 9.3
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.